[dns-operations] Any DNAME usage experience?

John Levine johnl at taugh.com
Sun Mar 29 16:35:15 UTC 2020


In article <mailman.1912.1585494000.1398.dns-operations at lists.dns-oarc.net> you write:
>-=-=-=-=-=-
>-=-=-=-=-=-
>
>Hi
>
>I looking for insights, usage experience regarding DNAME record
>implementation.
>If any compatibility issues, client side problems, resolvers etc?..
>Highly apperciate If anyone could share their knowledge.

My experience is that DNS software handles DNAME without trouble, but
most people who use DNAME want it to do things it doesn't do.

One common confusion is that DNAME only copies the tree below the name
with the DNAME but not that name itself.  The .CAT registry used to
have DNAMEs to create unaccented versions of names with accents.
Technically the DNAMEs did what they were supposed to, practically
they were useless due to only mirroring the subdomains.

The other is that people want DNAME to make the two name trees "the
same", which is not true for many reasons.  The main one is that web
and mail servers have to be configured for the names they handle, and
if use DNAME to point different names at them, they will treat those
the same as any unrecognized names, i.e., badly.  While it would be
technically possible to have them regognize DNAMEs as aliases for the
target names, that would be a a security nightmare since any hostile
party could point his names at your server.

Mail has an additional problem that RFC 1123 says the addresses in
mail transactions have to be "canonicalized", which rules out DNAMEs.
This rule is enforced spottily in practice, but enough to make DNAMEs
doubly useless for mail.

I have to say that at this point my advice is don't bother.  Whatever
problem you hope DNAMEs will solve, they won't.

R's,
John



-- 
Regards,
John Levine, johnl at taugh.com, Primary Perpetrator of "The Internet for Dummies",
Please consider the environment before reading this e-mail. https://jl.ly


More information about the dns-operations mailing list